The Firebox has Gateway AntiVirus settings that are used regardless of which proxy Gateway AntiVirus is configured to work with. For more information, see Gateway AntiVirus Global Settings.
It is important to update the signatures for the Gateway AntiVirus Service. You can update the signatures in two ways:
- Configure the Gateway AntiVirus Update Server to enable automatic updates
- Update the signatures manually in Firebox System Manager, as described in Subscription Services Status and Manual Signatures Updates.
Allow Signature Updates to a Third-Party Antivirus Client
If you use a third-party antivirus service on computers that are protected by your Firebox, you could have problems with updates for the third-party service. When the client for that secondary service tries to update its signature database on port 80, the WatchGuard Gateway AntiVirus service, working through the HTTP proxy, recognizes the signatures and strips them before they download to the client. The secondary service cannot update its database. To avoid this problem, you must add HTTP-Proxy: Exceptions to the policy that denies the update traffic. You must know the host name of the third-party signature database. Then you can add that host name as an allowed exception.
To configure an exception on the Firebox to allow computers to download antivirus signatures, in Policy Manager:
- Open the definition of the HTTP proxy policy that denies the update traffic.
- From the Categories section, select HTTP Proxy Exceptions.
- In the text box adjacent to Add, type the host name of the update server. If you want to allow all subdomains to bypass the proxy, use the wildcard symbol (*) before and after the host name. For example, *watchguard.com* allows all subdomains of watchguard.com, such as antivirus.watchguard.com and updates.watchguard.com.
- Click Add. Repeat Steps 4–5 for additional exceptions you want to add.
- Click OK twice to close both dialog boxes.
- Save the Configuration File.